Hello list,
I'm trying to set up fail2ban, especially the sasl action, but I'm facing problems. I have centos-release-5-9.el5.centos.1 and fail2ban-0.8.7.1-1.el5.rf installed with selinux disabled.
The errors I get are:
INFO Creating new jail 'sasl-iptables'
fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', 'polling']
I tried gemin against polling but I get the same error. The strange thing is that if I enable the ssh action, it starts with no problem. So it appears to be a problem with the sasl action, which is:
[sasl-iptables]
enabled = true
filter = sasl
backend = polling
action = iptables-multiport[name=sasl, port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
         sendmail-whois[name=sasl, dest=my@email]
logpath = /var/log/maillog
I have the same setup on several mail servers (Fedora and CentOS 6 distros) and all work fine.
Has anyone faced the same problem?
Thank you in advance.
Try strace to follow all fork/exec to see which command is invalid. Or, debug log?
------------
Banyan He
Blog: http://www.rootong.com
Email: banyan@rootong.com
On 4/10/2013 6:06 PM, Nikos Gatsis - Qbit wrote:
> Hello list,
> I'm trying to set up fail2ban, especially the sasl action, but I'm facing problems. I have centos-release-5-9.el5.centos.1 and fail2ban-0.8.7.1-1.el5.rf installed with selinux disabled.
> The errors I get are:
> INFO Creating new jail 'sasl-iptables'
> fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', 'polling']
> I tried gemin against polling but I get the same error. The strange thing is that if I enable the ssh action, it starts with no problem. So it appears to be a problem with the sasl action, which is:
> [sasl-iptables]
> enabled = true
> filter = sasl
> backend = polling
> action = iptables-multiport[name=sasl, port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
>          sendmail-whois[name=sasl, dest=my@email]
> logpath = /var/log/maillog
> I have the same setup on several mail servers (Fedora and CentOS 6 distros) and all work fine.
> Has anyone faced the same problem?
> Thank you in advance.
On Wed, Apr 10, 2013 at 6:06 AM, Nikos Gatsis - Qbit ngatsis@qbit.gr wrote:
> Hello list,
> I'm trying to set up fail2ban, especially the sasl action, but I'm facing problems. I have centos-release-5-9.el5.centos.1 and fail2ban-0.8.7.1-1.el5.rf
I'm using fail2ban from EPEL since I didn't have any luck with the package from RPMForge. I standardize on using EPEL if I can (but another admin installed the rpmforge repo earlier).
I had to tweak the regex for the sasl filter to get it to match failed sasl auth attempts though (EPEL package).
]# grep failregex /etc/fail2ban/filter.d/sasl.conf
# Option: failregex
#failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/\s]*={0,2})?$
> installed with selinux disabled.
> The errors I get are:
> INFO Creating new jail 'sasl-iptables'
> fail2ban.comm : WARNING Invalid command: ['add', 'sasl-iptables', 'polling']
I believe this is exactly what I saw before I bailed on the rpmforge fail2ban packages.
> I tried gemin against polling but I get the same error.
You don't need to set it to gamin ... the sasl jail (by default) is set to polling (and this works with the EPEL package).
> The strange thing is that if I enable the ssh action, it starts with no problem. So it appears to be a problem with the sasl action, which is:
> [sasl-iptables]
> enabled = true
> filter = sasl
> backend = polling
> action = iptables-multiport[name=sasl, port="imap,imaps,pop3,pop3s,smtp", protocol=tcp]
>          sendmail-whois[name=sasl, dest=my@email]
> logpath = /var/log/maillog
> I have the same setup on several mail servers (Fedora and CentOS 6 distros) and all work fine.
> Has anyone faced the same problem?
> Thank you in advance.
> --
> *Γατσής Νίκος - Gatsis Nikos*
> Web developer
> tel.: 2108256721 - 2108256722
> fax: 2108256712
> email: ngatsis@qbit.gr
> http://www.qbit.gr
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
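The effect of the failregex change quoted in the reply above, as an added example that is not part of the original messages: it runs the commented-out and the active pattern over constructed maillog lines and lists which hosts each one would flag. Assumptions: the brackets around `<HOST>` are written escaped, the `HOST` pattern is a simplified stand-in for what fail2ban substitutes, and the log lines and addresses are made up.

```python
import re

# Simplified stand-in for the pattern fail2ban substitutes for <HOST> (assumption).
HOST = r"(?P<host>[\w\-.^_]+)"

# Common part of both failregex lines from the grep output in the thread.
PREFIX = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
          r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed")
STOCK = PREFIX + r"(: [A-Za-z0-9+/]*={0,2})?$"      # the commented-out line
TWEAKED = PREFIX + r"(: [A-Za-z0-9+/\s]*={0,2})?$"  # the active line, \s added

# Constructed maillog lines using documentation address ranges.
SAMPLE_LOG = [
    "Apr 10 06:01:12 mail postfix/smtpd[2211]: warning: unknown[203.0.113.7]: "
    "SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Apr 10 06:01:40 mail postfix/smtpd[2214]: warning: unknown[198.51.100.23]: "
    "SASL PLAIN authentication failed: authentication failure",
    "Apr 10 06:02:03 mail postfix/smtpd[2219]: warning: mail.example.net[192.0.2.55]: "
    "SASL CRAM-MD5 authentication failed: PDEyMzQ1QG1haWw+",
    "Apr 10 06:02:09 mail postfix/smtpd[2219]: connect from unknown[203.0.113.7]",
]


def matched_hosts(failregex, lines):
    """Return the <HOST> value captured from every line the failregex matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    hits = (rx.search(line.rstrip("\n")) for line in lines)
    return [m.group("host") for m in hits if m]


def only_tweaked(lines):
    """Hosts flagged by the tweaked pattern but missed by the stock one."""
    stock = set(matched_hosts(STOCK, lines))
    return [h for h in matched_hosts(TWEAKED, lines) if h not in stock]


if __name__ == "__main__":
    print("stock:  ", matched_hosts(STOCK, SAMPLE_LOG))
    print("tweaked:", matched_hosts(TWEAKED, SAMPLE_LOG))
    print("gained: ", only_tweaked(SAMPLE_LOG))
```

The stock pattern only accepts a single base64-like token after "authentication failed:", so a failure reason containing a space goes unmatched until `\s` is added to the character class.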